Do you still believe input validation is enough to fix Cross Site Scripting (XSS)? Billy Hoffman said it best at Schmoocon 2007 (4 years ago!!!) in his talk “JavaScript Malware for a Grey Goo Tomorrow” (fast forward to Q & A, minute 51:45): Person in the audience asks: “You said that AJAX doesn’t really change …
Update 01/08/2011: The videos are now up here. Thank you Tomasz! Update: Thanks to Jamie Duxbury (@w1bble) for hosting most of the pictures linked to from this page. I thought it was Soraya for some reason, sorry :). As I mentioned earlier: I was really honoured to attend BSides London and DC4420, aka Defcon London …
Thanks to Toby for contributing to this security news bulletin! I was honoured to attend BSides London and DC4420, aka Defcon London both of which were a blast this Wednesday and an obligatory blog post will follow hopefully this evening. Feedback and/or contributions to make this better are appreciated and welcome Highlighted quotes of the …
Category Index Hacking Incidents / Cybercrime Software Updates Business Case for Security Web Technologies Network Security Database Security Mobile Security Privacy General Hacking Incidents / Cybercrime Russian news reports that 20-year-old Ivan Kaspersky was kidnapped and his captors are demanding ransom [www.darkreading.com] [4/22/11 UPDATE: Russian media this morning are reporting that Ivan Kaspersky has …
Thanks to Shaun for contributing to this security news bulletin! Feedback and/or contributions to make this better are appreciated and welcome Highlighted quotes of the week: “Making connections is always easier when there’s alcohol involved” – Adam B. 😉 “Pretty much anyone can be breached at any time” – Jon Oltsik “Wonder if my Safari …
Category Index Hacking Incidents / Cybercrime Unpatched Vulnerabilities Software updates Business Case for Security Web Technologies Network Security Cloud Security Funny Hacking Incidents / Cybercrime RSA SecurID breach began with spear phishing attack [searchsecurity.techtarget.com] The assault against RSA, the security division of EMC Corp., began with two waves of spear phishing attacks using an …
I know it is April’s 1st but I am Spanish, don’t worry! 🙂 (we have the 28th of December for those things) Thanks to Tadek, John and Brian for contributing to this weekly security news bulletin! For the technically inclined I also put together the following this week: – iptables: white-listing TCP connections to reduce …
Category Index Hacking Incidents / Cybercrime Software Updates Business Case for Security Network Security Web Technologies Privacy General Funny Hacking Incidents / Cybercrime Comodo: two more resellers were compromised [www.h-online.com] Comodo has confirmed that two other resellers have been compromised since the ‘Comodogate’ attacks which saw an attacker generate forged certificates for login.live.com, mail.google.com, www.google.com, …
NOTE: This will work in backtrack, ubuntu and pretty much any Linux distro as far as I know There are times where you would like to open a service to the internet and it is ok to only allow one host/IP address to connect to you, for example: – Host-to-host transactions – During a pentest …
I recently got an interesting question via email: Hi Abraham, I was just wondering if you’ve ever used a tool called Angry IP scanner? Is it safe to use? Is there any risk of it crashing a host you are scanning? Regards, Short answer: Q: I was just wondering if you’ve ever used a tool …
